240 likes | 393 Views
NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt , University of California, Berkeley Prateek Saxena , University of California, Berkeley Aaron Boodman , Google,Inc . Protecting Browsers from Extension Vulnerabilities. 張逸文. Outline. Introduction
E N D
NDSS2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt , University of California, Berkeley PrateekSaxena , University of California, Berkeley Aaron Boodman, Google,Inc. Protecting Browsers from Extension Vulnerabilities 張逸文
Outline • Introduction • Firefox Extension System • Google Chrome Extension System • Performance • Conclusion
Outline • Introduction • Extensions • Benign-but-buggy Extensions • Firefox Extension System • Google Chrome Extension System • Performance • Conclusion
Introduction • 1/3 of Firefox users run at least 1 extension • Extend, modify and control browser behavior • Provide rich functionality and add features • Browser extensions differ from browser plug-ins • Extensions -- 使用瀏覽器的擴充介面,用來加強或增加瀏覽器功能的小程式 • Plug-ins -- 使用Netscape提供的NPAPI為介面,提供跨瀏覽器協力支援的程式。
Introduction • Benign-but-buggy extensions • Extensions aren’t written by security experts • Extensions interact extensively with web sites • Firefox extensions run with the browser’s full privileges • An attacker can usurp the extension’s broad privileges
Introduction • Attacking Example • R. S. Liverani and N. Freeman, “Abusing Firefox Extensions”, Defcon17, July 2009 • install a remote desktop server on the user’s machine
Outline • Introduction • Firefox Extension System • Attacks on Extensions • Limiting Firefox Extension Privileges • Google Chrome Extension System • Performance • Conclusion
Firefox Extension System • Attacks on Extensions • Cross-site Scripting • Replacing Native APIs • JavaScript Capability Leaks • Mixed Content • Firefoxextensions • Highprivilege • Richinteractionwithdistrustedwebcontent
Firefox Extension System • Limiting Firefox Extension Privileges ?? • Review 25 Firefox extensionsfromthe13categories • Behavior: How much privilege does an extension need? • Implementation: How much privilege does an extension receive?
Firefox Extension System • FirefoxSecuritySeverityRatings: • Critical • High • Medium • Low • None
Firefox Extension System • Result • Only 3 need critical privileges • The other 22 extensions exhibit a privilege gap
Firefox Extension System • Use the same interfaces
Outline • Introduction • Firefox Extension System • Google Chrome Extension System • Least privilege • Privilege separation • Strong isolation • Performance • Conclusion
Google Chrome Extension System • Least privilege • Explicitly requested in the extension’s manifest • Developers define privileges in manifest • Execute Arbitrary Code • Web Site Access • API Access
Google Chrome Extension System • Privilege separation
Google Chrome Extension System • Isolation Mechanisms • Extension identity -- a public key in the extension’s URL • Process Isolation -- run in different processes • IsolatedWorlds--ownJavaScriptobjects
Outline • Introduction • Firefox Extension System • Google Chrome Extension System • Performance • Conclusion
performance • Inter-component communication • Round-trip latency between content script & extension core: 0.8 ms • Isolated Worlds Mechanism • Add 33.3% overhead
Outline • Introduction • Firefox Extension System • Google Chrome Extension System • Performance • Conclusion
conclusion • Firefox extension system • Extensions are over-privileged • API needs to be tamed for least privilege • New extension system for Google Chrome • Developer encouraged to request few privileges • Extensions have a reduced attack surface
動動腦~ 一日,私塾裡大家都在讀經… 只有家家東張西望 老師問家家:妳為什麼不念呢? 因為家家有本難念的經